Beware of Phishing Scams

Phishing email messages, websites, and phone calls are designed to steal money or information. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer. Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.

Example of phishing email & Warning Signs

Here is an example of what a phishing scam in an email message might look like.

Example of a phishing email message

  • Spelling errors and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to their users. If you notice mistakes in an email, it might be a scam. For more information, see Email and web scams: How to help protect yourself.

  • Beware of links in email. If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's web address.

    Phishing scams masked web address

    Links might also lead you to .exe files. These kinds of files are known to spread malicious software.

  • Threats. Have you ever received a threat that your email account would be closed if you didn't respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised. For more information, see Watch out for fake alerts.

  • Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows.
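The hover check, the numeric-address sign and the .exe warning from the list above can also be applied automatically to a message's HTML body. The Python code below is an added example, not part of the original page; the function names, warning codes and sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_TEXT = re.compile(r"^\s*(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?\s*$", re.I)  # text that looks like an address
NUMERIC_HOST = re.compile(r"^[0-9.]+$|:")  # host made only of digits and dots, or an IPv6 literal

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def target(value):
    """Return (hostname without leading www, lowercased path) of a URL or bare domain."""
    value = value.strip()
    try:
        parts = urlparse(value if "://" in value else "http://" + value)
        return re.sub(r"^www\.", "", (parts.hostname or "").lower()), parts.path.lower()
    except ValueError:  # malformed address in untrusted mail: treat as unknown host
        return "", ""

def warnings_for(href, text):
    """Apply the three link checks from the list above to one anchor."""
    host, path = target(href)
    shown = target(text)[0] if URL_TEXT.match(text) else host
    checks = (("text-does-not-match-target", shown != host),
              ("numeric-address", bool(NUMERIC_HOST.search(host))),
              ("exe-download", path.endswith(".exe")))
    return [code for code, hit in checks if hit]

def check_links(html_body):
    """Return [(href, [warning codes])] for every link that trips a check."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(h, w) for h, t in collector.links if (w := warnings_for(h, t))]

# Constructed sample body; example.com, example.net and 192.0.2.10 are documentation-only values.
SAMPLE = ('<a href="http://192.0.2.10/login.htm">https://www.example.com/verify</a>'
          '<a href="http://downloads.example.net/update.exe">Install the update</a>'
          '<a href="https://www.example.com/help">www.example.com/help</a>')
```

Calling `check_links(SAMPLE)` reports the first two links and leaves the third alone, because its visible address and its real target name the same host.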

Can you spot a phishing email? Take this short quiz to find out.

How to Avoid Them

To avoid phishing scams, never click the links provided within these types of email messages. If you feel the message may be legitimate, go directly to the company's website by typing it in your browser or contact the company by phone to see if you really do need to take the action described in the email message. Delete the email message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the fraudulent web sites it contains.

Use a Phishing Filter

If you use Internet Explorer as an internet browser, you should enable the Phishing Filter. This feature enables a portion of the web browser to change colors to signify that the page you're on is a known phishing site.

Firefox has a similar feature. To turn on this feature go to: Tools > Options > Security. Check Block Reported Attack Sites and Block Web Forgeries.

If you do fall victim, tips for damage control are available on the Phishing Web Page.

Links and References

For avoidance tips, more info and examples try these sites:

Reporting Phishing Attempts

You can report these phishing scam attempts to the company that's being spoofed.

 

 

Downloading and Copyright Infringement

We've heard all of the excuses – "Everyone is doing it so the authorities will never single me out for prosecution." "I didn't know I was doing anything wrong!" "I'm not hurting anyone." "My roommate said making a backup was okay." "There wouldn't be a place on the web to download it if it wasn't okay."

The bottom line is that unless you own the copyright, you can't copy or share it without permission. That includes music, videos, software or textbooks from the Web. If you do it, it is stealing and it is just as illegal as shoplifting. It is against the law and against the Appropriate Use of Information Technology Policy and the Copyright Regulation Policy.

It's just not the Auburn way.

I believe in honesty and truthfulness, without which I cannot win the respect and confidence of my fellow men...

I believe in obedience to law because it protects the rights of all...

And because Auburn men and women believe in these things, I believe in Auburn and love it.

- George Petrie (1945)
(excerpts from The Auburn Creed)

What's all the fuss about?

Auburn University is obligated to enforce the Digital Millennium Copyright Act (DMCA) – and it's the right thing to do.  To protect you and Auburn University, peer-to-peer (P2P) file sharing is not accessible via our wireless network, AU_WiFi. File sharing web sites and applications, including those that share illegal audio and video files, are blocked to prevent copyright violations. Legal methods to download music on the Internet will continue to be accessible.

Auburn University has received complaints from the owners of copyrighted works being pirated by users in the on-campus residential community, and AU is held accountable for the actions of these students. The University and the employees or students committing the violations could be held liable for damages. When accessing downloadable digital resources off-campus you'll have to let your conscience be your guide. So, no excuses – don't download copyrighted material without permission!

Excuse-busters

  • "Everyone is doing it so the authorities will never single me out for prosecution."
    In the recent past there have been a number of students wearing orange and blue who thought the same thing.  They were wrong.  Legal action was filed against these Auburn University students by the Recording Industry Association of America (RIAA).  It's no joke.  In the last few years, Auburn received hundreds of legal notices of violations.

    Criminal penalties for first-time offenders: up to five years in prison and $250,000 in fines.

    Civil penalties: thousands of dollars in damages and legal fees from $750 up to $150,000 PER SONG.

  • "I didn't know I was doing anything wrong."
    This is one excuse that will be too little, too late after you're caught! It is your responsibility to educate yourself and ensure you aren't violating the law.  These are examples of violations of the Digital Millennium Copyright Act (DMCA) from www.musicunited.org:

    Somebody you don't even know emails you a copy of a copyrighted song and then you email copies to your friends.

    You make an MP3 copy of a song because the CD you bought expressly permits you to do so. But then you put your MP3 copy on the Internet, using a file-sharing network, so that millions of other people can download it.

    Even if you don't illegally offer recordings to others, you join a file-sharing network and download unauthorized copies of all the copyrighted music you want for free from the computers of other network members.

    In order to gain access to copyrighted music on the computers of other network members, you pay a fee to join a file-sharing network that isn't authorized to distribute or make copies of copyrighted music. Then you download unauthorized copies of all the music you want.

    You transfer copyrighted music using an instant messaging service.

    You have a computer with a CD burner, which you use to burn copies of music or videos you have downloaded legally onto writable CDs for all of your friends (that's the illegal part).

  • "I'm not hurting anyone."
    According to the Institute for Policy Innovation, global music piracy alone causes $12.5 billion in economic losses every year and approximately 71,060 lost jobs in the U.S.

    It's having a very real and harmful impact on countless musicians, songwriters, performers, recording engineers, record-store clerks, and the public.

    You could be hurting yourself too. The US Department of Homeland Security says file sharing makes you vulnerable to virus infection, attacks, and exposure of your own personal information: www.us-cert.gov.

  • "My roommate said making a backup was okay."
    Section 117 of the Copyright Act grants permission to make an "archival" or backup copy of software you purchased legally, but does NOT give you the authority to make a backup copy of other material like music or movies or other copyrighted works that have been downloaded (http://www.copyright.gov/help/faq/faq-digital.html). You can make limited backups of music downloaded legally, under some circumstances. Check the Terms of Service for the source of your legal download for specific details.

  • "There wouldn't be a place on the web to download it if it wasn't okay."
    Really? Do you believe everything you read on the Internet?

Do it the right way.

 

 

Once Your Personal Info Is Online, It's There

  • Be careful what you share. Online communities such as Facebook and Twitter ask you for a username, email address, and password when you sign up. You may also be asked for more personal information, such as your birth date, occupation, home and work addresses, phone numbers, gender, marital status, and so on.

    Web sites want personal information because it helps them build community and enables them to provide advertisers with demographic information about their members, but whether to share those details is your decision. 

    Bottom Line: the more personal information you reveal online, the more vulnerable you are to scams, spam, and identity theft.

  • Be a minimalist. When signing up for free accounts like email, blogs, instant messaging, music or photo sharing, give only the required pieces of information.

  • Look before you post. Before you sign up with a social networking community, read the privacy policy. It may be really boring reading, but you need to find out how the site will use the personal info you supply when you sign up.

  • Don't go public. Many sites enable you to control who can see and comment on your blog. You don't let just anyone into your house; lock your profile too!

  • Think long-term. Once something is online, you can never delete it. Anything published on the Web could have been viewed, emailed, printed or saved by almost anyone.  

  • Stay alert. As you get to know more people online, you may begin to share information casually. Scammers count on that false security to gather personal information that can help them commit fraud or steal your identity. Continue to use common sense as you make online friends. Listen to your instincts about people.

Don't Be a Victim

  • Don't accept friend requests from strangers. Does this really need to be said? Probably since you were able to talk, adults have told you, "Don't talk to strangers." The same thing applies online.

    Let's face it. Do you really think that super hot girl is having trouble meeting people? Chances are it's some scumbag trying to get your personal information to commit identity theft.

  • Shop safely online.  Make sure the site is secure (the address starts with https not http).  Never give out bank account numbers, social security numbers, or any other personal information that is not absolutely needed.  Do not use a shared or public computer for online shopping.

  • Never rush to meet someone you have met online.  Even if you've met them on a reputable site and they seem trustworthy, be suspicious if they're pushy about wanting to meet you in person.  Make sure to talk on the phone before meeting, meet in a public place, and bring a friend.

 

 

Secure Mobile Data Against Loss, Theft and Unauthorized Access

Laptops, smartphones, and removable storage drives enable us to get information on the go.  We no longer have to be tethered to our desks to check our email, surf the web, or access files and information.  Advances in wireless communication have made communication mobile, but also made it easier for the unscrupulous to access our personal information.  Unless you secure your mobile data against loss, theft and unauthorized access, you are vulnerable.

How can you protect your mobile data?

  • Encrypt off-campus Wi-Fi transmissions using the Auburn VPN when possible.
  • Secure your USB drive
    - Don't leave it behind in public labs
    - TrueCrypt - 3rd-party encryption method for removable storage
    - Wikipedia article on securing your USB drive
  • Use BitLocker To Go - this feature of Windows 7 gives the lockdown treatment to easily-misplaced portable storage devices like USB flash drives and external hard drives. This allows you to protect information stored on removable media with the same level of protection as the operating system volume.
  • Secure your laptop - don't make it easy for the bad guys: use a carrying case that does NOT look like a laptop bag and don't leave your laptop unattended. In the AU Library you can check out a lock for your laptop so you don't have to take it with you to the stacks. Taking things one step further, password protect your laptop and consider installing tracking software.
  • Secure your handheld device - your smartphone and tablet can be protected by simply setting a password on the device.

Additional Helpful Links

What to do if you lose your phone

Log in to TigerMail online and go to Options > See All Options > Phone and select your device. Choose Wipe Device. Wait ten minutes, then contact your wireless provider to disable the phone.

If you were using your phone to check any email account via IMAP, change your password for that account. This will not remove the existing email from the phone, but it will prevent future nefarious usage of the account(s).

If you are an employee on the BlackBerry Enterprise Server (BES), follow these steps:

  1. Immediately contact OIT by calling the HelpDesk at (334) 844-4944 or sending an email directly to besadmin@auburn.edu (Exchange BlackBerry users). We can wipe out the data on your phone remotely. It can be restored later, but whoever finds your missing phone won't be able to read all of your email and other sensitive data in the meantime.
  2. Once OIT has verified the hard reset of your phone's data, call your service provider and disable the phone number so unauthorized calls cannot be made.

Don't reverse these steps. Once the phone is disabled, OIT won't be able to access it to perform step #1.

Wireless Safety in Public Hot Spots

People in Auburn have embraced the use of wireless networks. Unfortunately, online predators know this too. Using unsecured wireless networks can leave your computer, phone and handheld devices vulnerable to attack. Here are some tips when using a wireless network:

  • Only use legitimate hotspots (wireless access points) - make sure you know who owns the connection you are trying to access.
  • Use a VPN client - Download a free VPN client at AU Install.
  • Enable your personal firewall - Microsoft Windows users have a personal firewall installed.
  • Turn off your Android/iPhone's built-in Wi-Fi when you aren't using it or you may be auto-connecting to nearby wireless access points - plus it saves your battery!
  • Don't forget to secure your wireless network at home by enabling a password for the wireless router. If you are in an area with many Wi-Fi hot spots or lots of residents near your Wi-Fi, consider not broadcasting your SSID.

 

 

Security Tips

Be smart!! Most security risks and scams can be easily avoided if you use a little common sense.

  1. Use anti-virus software
    • AU provides links to free anti-virus software @ AU Install
    • Frequently scan your computer
  2. Keep your operating system up-to-date
    • Turn on Automatic Updates to ensure your operating system gets the most recent security patches and hotfixes
  3. Back Up Regularly
  4. Avoid Phishing Scams & Identity Theft - Don't Click Links in Email
  5. Stay safe on Wireless Networks
    • Only use legitimate hotspots
    • Defend your mobile device with a personal firewall and a VPN Client
    • Secure your home wireless network -- see print-out below
    • Select a secure wireless network that requires a password and is indicated by a “lock” icon
    • Do NOT process financial transactions (pay bills, access your bank) over a PUBLIC wireless network.
    • Do NOT connect to an unknown wireless network.
    • When traveling, check with the establishment personnel and obtain the name of the wireless network so you will know not to connect to a rogue wireless network.

Print-outs

Security Links

 

Promotional Material

Please display these promotional items during National Cyber Security Awareness Month. All items are provided by the Office of Information Technology and are free of charge to use as print items. All promotional items must be used in the manner intended. Reproducing all or part of any promotional items for uses other than intended is prohibited. If you have any questions, please contact webmaster@auburn.edu.